On 07/07, Michal Hocko wrote: > > On Sun 03-07-16 15:21:47, Oleg Nesterov wrote: > > > > > > I am not sure I can see security implications but I agree this is less > > > than optimal, > > > > Well, just suppose that a memory hog execs a setuid application which does > > something important, then we can kill it in some "inconsistent" state. Say, > > after it created a file-lock which blocks other instances. > > How that would differ from selecting and killing the suid application > right away? in this case we at least check oom_score_adj/has_capability_noaudit(CAP_SYS_ADMIN) before we decide to kill it. > > And it is not clear to me why "child_points > victim_points" can be true if > > the victim was chosen by select_bad_process() (to simplify the discussion, > > lets ignore has_intersects_mems_allowed/etc). > > Because victim_points is a bit of misnomer. It doesn't have anything to > do with selected victim's score. victim_points is 0 before the loop. Ah, thanks. Yes I misread the code. Oleg. -- To unsubscribe, send a message with 'unsubscribe linux-mm' in the body to majordomo@xxxxxxxxx. For more info on Linux MM, see: http://www.linux-mm.org/ . Don't email: <a href=mailto:"dont@xxxxxxxxx";> email@xxxxxxxxx </a>